Survival Guide: Black Hat & DEF CON 22

It's that time again: people are getting ready to go to Vegas for Black Hat and DEF CON. Many of you may be rolling your eyes at the thought of another "Safety First" blog, but those of us in education understand that repetition is the name of the game. So whether you are a seasoned pro or a newcomer to these events, please take a moment to make sure you don't end up on the Wall of Sheep (the running display of usernames and passwords sniffed in cleartext off the conference network).

Black Hat and DEF CON are where the security professionals (née hackers) come to play. You are guaranteed to see some amazing exploits both technical and human. There will also be a population of people who come and do things because they can, not because they should.

Malicious social engineers can pack a mean punch as they can combine technical skills (which you would expect at BH/DC) with smooth talkin’ and friendly faces. So for the rest of us mere mortals, here are some quick things to keep in mind other than bringing sunblock and an extra liver.

Laptop Safety

Many of us are accustomed to staying connected to our jobs and homes while we're away. If you must bring a laptop, for the love of all that's holy make sure it contains no personal data, saved passwords, or anything you would hate to lose or see projected on the wall for all to see. A freshly installed machine with full-disk encryption is the safest bet. Make sure your patches and AV are up to date. If you only need the laptop to work offline, turn off Wi-Fi and Bluetooth. If you must connect, look for a wired connection, or better yet bring your own mobile connection; even then, treat that link as untrusted and run everything over a VPN.

As frequent travellers, however, we know that a wired connection is becoming less and less of an option. The next best thing you can do is connect via VPN to a known-good network (such as your organization's) and route all of your traffic through it, configured so that nothing leaves the machine if the tunnel drops. That last part is challenging in Vegas, since even legitimate networks have been known to be compromised.

Don't log into any critical (e.g., financial) accounts while in Vegas if you can possibly avoid it. Finally, if for any reason a pop-up appears asking you to accept a certificate, run: do not accept it, close the window, and stop what you are doing. That warning means the certificate could not be verified against a trusted CA, which is exactly what an interception proxy sitting between you and the site looks like.
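The "don't accept the certificate" rule can be automated for anything you script rather than click: record the fingerprint of a site's certificate while on a trusted network at home, then refuse to talk to that site in Vegas if the presented certificate differs or fails normal chain validation. The following is an added example for this guide, not code from the original post; the sample DER byte strings and the hostname are constructed placeholders, and the live connection is only attempted if you call `connect_or_bail` yourself.

```python
"""Pinned-certificate check: refuse a TLS endpoint whose leaf certificate
does not match the one recorded on a trusted network before the trip.

Added example for this survival guide (not the original post's code).
The sample certificate bytes below are constructed stand-ins, not real DER.
"""
from __future__ import annotations

import hashlib
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of a DER-encoded certificate, as lower-case hex."""
    return hashlib.sha256(der_cert).hexdigest()


def check_pin(der_cert: bytes, pinned: set) -> bool:
    """True only if the presented certificate matches a pin recorded at home."""
    return fingerprint(der_cert) in pinned


def strict_context() -> ssl.SSLContext:
    """A context that never accepts an unverifiable certificate.

    create_default_context() already loads the system CA store and
    verifies the chain; the explicit settings make the intent obvious
    and block any later code from relaxing them by accident.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def fetch_leaf_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Complete a TLS handshake and return the server's leaf cert in DER form."""
    ctx = strict_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def connect_or_bail(host: str, pinned: set) -> tuple:
    """Return (ok, reason). Never 'accept the certificate' on the user's behalf."""
    try:
        der = fetch_leaf_cert(host)
    except ssl.SSLCertVerificationError as exc:
        # Chain or hostname failed validation: the interactive equivalent of
        # the "accept this certificate?" pop-up. Refuse and stop.
        return False, f"verification failed, refusing to continue: {exc}"
    except OSError as exc:
        return False, f"connection failed: {exc}"
    if not check_pin(der, pinned):
        # Chain validated, but it is not the certificate seen at home:
        # a CA-signed interception cert would land here.
        return False, f"unexpected certificate {fingerprint(der)}; refusing"
    return True, "certificate matches pin recorded at home"


if __name__ == "__main__":
    # Constructed sample data standing in for DER bytes (not real certs).
    cert_at_home = b"constructed DER bytes recorded on a trusted network"
    cert_in_vegas = b"constructed DER bytes presented by an interceptor"
    pins = {fingerprint(cert_at_home)}
    print("home cert accepted:", check_pin(cert_at_home, pins))
    print("vegas cert accepted:", check_pin(cert_in_vegas, pins))
```

Record pins for the handful of sites you actually need while away and wipe them when you get back; a pin that outlives a legitimate certificate rotation will refuse a good site, which is the safe direction to fail in Vegas.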

Cell Phone Management

Cell phone security is easily as big a problem as laptop security. Treat your phone much the same way you would your laptop: keep it patched and locked, disable Bluetooth and Wi-Fi, and don't respond to texts or calls from unknown sources. Assume that everything you say and text is being eavesdropped on (thank you, NSA).

Communications Security

Hopefully, you are proud of who you are, what you do, and what you've accomplished. Just be careful who you tell. Undoubtedly, these two conferences are amazing opportunities to connect and network, but you need to be mindful of who else might be paying attention to your conversations, especially once the social events start kicking in.

It's also good to keep in mind that malicious social engineers can work in teams. If you hand a tiny piece of critical information to each of several people, those pieces can add up to a big problem for you later.

It's a good idea to make sure the people at work and at home know where you will be and if/how you'll be contacting them, so that an unexpected call or e-mail "from you" asking for something is recognised for what it is. An attacker with just a little knowledge about you could take advantage of unsuspecting, unprepared colleagues, friends, and family members.

Personal Security

These habits make sense outside of Vegas as well. When on the road, be careful about disposing of documents and other items that contain your personally identifying information (PII), such as receipts and even those little folders that hold your room key and number. All it takes is someone knowing your name and room number to impersonate you at the front desk and get a room key reissued.

Thinking of trusting the hotel safe? Maybe you need to watch a few of the videos showing how easy it is to open them (http://youtu.be/vW7M84khZy8). Take great care when using your credit or debit card at merchants or ATMs. Skimmers may abound, so check the card slot before you insert anything, and it wouldn't hurt to closely monitor your accounts after returning home, either.

Don’t be Low Hanging Fruit

Finally, just think critically about your environment and what you’re doing. There are plenty of malicious attackers out there who get their kicks from compromising the toughest technical and human systems. But like anyone else, most will simply take the lowest hanging fruit.

Despite all the wonder and glory that is BH/DC, it can be a hostile environment for folks not taking the time to prepare and not thinking carefully about their choices.